ikev2: Always store signature scheme in auth-cfg
authorTobias Brunner <tobias@strongswan.org>
Mon, 1 Feb 2016 17:15:57 +0000 (18:15 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:19:53 +0000 (16:19 +0100)
As we use a different rule we can always store the scheme.

src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c

index 64cd775..110c509 100644 (file)
@@ -55,11 +55,6 @@ struct private_pubkey_authenticator_t {
         * Reserved bytes of ID payload
         */
        char reserved[3];
-
-       /**
-        * Whether to store signature schemes on remote auth configs.
-        */
-       bool store_signature_scheme;
 };
 
 /**
@@ -425,11 +420,7 @@ METHOD(authenticator_t, process, status_t,
                        status = SUCCESS;
                        auth->merge(auth, current_auth, FALSE);
                        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
-                       if (this->store_signature_scheme)
-                       {
-                               auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
-                                                (uintptr_t)scheme);
-                       }
+                       auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme);
                        break;
                }
                else
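Review bot: The now unconditional `auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme);` in `process` has no comment explaining why the scheme is recorded regardless of the `signature_authentication_constraints` option, which this file no longer reads. Whether that option is still honoured depends on the code that evaluates `AUTH_RULE_IKE_SIGNATURE_SCHEME`, which is not visible here. It is worth confirming that a deployment with the option disabled does not start having IKE signature schemes matched against its configured constraints. I would add above the call: `/* always record the verified scheme; whether it is enforced is decided where the rule is evaluated */`. The body of `process` starts and ends outside this hunk.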
@@ -502,8 +493,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
                .ike_sa = ike_sa,
                .ike_sa_init = received_init,
                .nonce = sent_nonce,
-               .store_signature_scheme = lib->settings->get_bool(lib->settings,
-                                       "%s.signature_authentication_constraints", TRUE, lib->ns),
        );
        memcpy(this->reserved, reserved, sizeof(this->reserved));